Skills
skills/matthew-andrews/skills/autonomous-coding-agent/Gen Agent Trust Hub

autonomous-coding-agent

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill fetches issue titles and bodies from GitHub or GitLab using CLI tools (gh or glab) and instructs the agent to follow the instructions found in those issues strictly. This creates an attack surface for indirect prompt injection where a malicious issue could contain instructions to perform unauthorized actions.
  • Ingestion points: Issue data fetched via gh issue view and glab issue view (SKILL.md).
  • Boundary markers: Absent; the agent is explicitly told to follow the issue body strictly without mention of delimiters or instruction ignoring.
  • Capability inventory: Full file system access (implementation), Git operations (push/branching), and pull/merge request creation via platform CLIs.
  • Sanitization: No sanitization or verification of the fetched issue content is performed before the agent implements the requested changes.
  • [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating issue titles, issue numbers, and user-provided deviations directly into command arguments (e.g., gh pr create --title "Implement <title>..."). If these fields contain shell metacharacters, it could lead to command injection during the automated PR/MR creation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 03:27 AM
Security Audit — agent-trust-hub — autonomous-coding-agent